Study Guide Preview Cert MSCert Microsoft Cert-1Z0-050 DBCert Oracle Cert CompCert CompTIA

(1)

Cert-1Z0-050 | DBCert | Oracle

®

(2)

Cert-1Z0-050 | DBCert | Oracle

®

(3)

www.transcender.com

3 Contents ... 3

About Your Transcender Study Guide ... 4

Configuring the Domain Name System (DNS) for Active Directory ... 5

Configure Zones ... 6

Configure DNS server settings... 22

Review Checklist: Configuring the Domain Name System (DNS) ... 38

Configuring the Active Directory Infrastructure ... 39

Configure a Forest or a Domain ... 40

Configure Trusts ... 44

Configure Sites ... 48

Configure Active Directory Replication ... 51

Configure the Global Catalog ... 54

Configure Operations Masters ... 56

Review Checklist: Configuring the Active Directory Infrastructure... 61

Configuring Additional Active Directory Server Roles ... 62

Configuring Active Directory Lightweight Directory Service (AD LDS) ... 63

Configuring Active Directory Rights Management Service (AD RMS)... 89

Configuring a Read-only Domain Controller (RODC) Scope ... 93

Configuring Active Directory Federation Services (AD FS) Scope ... 98

Review Checklist: Configuring Additional Active Directory Server Roles ... 115

Creating and Maintaining Active Directory Objects ... 116

Automating the Creation of Active Directory Accounts ... 117

Maintaining Active Directory Accounts ... 122

Creating and Applying Group Policy Objects (GPOs) ... 138

Configuring GPO Templates Scope ... 147

Configuring Software Deployment GPOs ... 153

Configuring Account Policies Scope ... 156

Review Checklist: Creating and Maintaining Active Directory Objects ... 162

Maintaining the Active Directory Environment ... 163

Configure Backup and Recovery ... 164

Perform Offline Maintenance ... 185

Monitor Active Directory ... 188

Review Checklist: Maintaining the Active Directory Environment ... 191

Configuring Active Directory Certificate Services ... 192

Install Active Directory Certificate Services ... 193

Configure CA Server Settings ... 200

Manage Certificate Templates ... 211

Manage Enrollments ... 217

Manage Certificate Revocations ... 224

Review Checklist: Configuring Active Directory Certificate Services ... 233

(4)

4 About Your Transcender Study Guide

IT professionals agree! Transcender has consistently been voted the industry's #1 practice

exam. This Study Guide complements your TranscenderCert

TM

practice exam.

The Study Guide is objective-driven and contains a variety of tools to help you focus your study

efforts. Each Study Guide contains structured sections to help you prepare for your certification

exam:

 Scope :: identifies the learning objectives for each section

 Focused Explanation :: provides definitions, in-depth discussions and examples

 Review Checklist :: highlights the key learning points at the end of each major section

Additional sections to further assist you are located at the end of each Study Guide:

 Test Taking Strategies

 General Tips

 Explanation of Test Item Types

The following study model will help you optimize your study time.

Transcender’s commitment to product quality, to our team and to our customers continues to

differentiate us from other companies. Transcender uses an experienced team of certified

subject-matter experts, technical writers, and technical editors to create and edit the most

in-depth and realistic study material. Every Transcender product goes through a rigorous,

multi-stage editing process to ensure comprehensive coverage of exam objectives. Transcender

study materials reinforce learning objectives and validate knowledge so you know you’re

prepared on exam day

.

Assess your current knowledge level Take a Transcender

practice exam using Preset Experience The objective-based

score report shows you the areas where you are strong and the areas where you need to focus your study efforts

Read the Study Guide by objective Use the practice

exam in Optimize Experience mode Study the test items

by objective Use the included

TranscenderFlash cards to review key concepts

Use your favorite references to get further information on complex material

Take a Transcender practice exam using Preset Experience again

If you didn’t score 100%, go back to your study plan and focus on weak areas

Study those objective areas where you didn’t score 100%

Keep practicing until you consistently score 100% in all areas Prepare To Pass Track your progress Focus on weak areas Assess your knowledge Develop a Study Plan

Start early, at least 6 weeks out Don’t try to cram Set aside specific

study times Use a disciplined

approach so you can thoroughly prepare

(5)

39

(6)

40 Configure a Forest or a Domain

Scope

Learn to install Active Directory Domain Services (AD DS). Learn to remove a domain.

Learn to raise forest and domain functional levels.

Focused Explanation

Active Directory Domain Services (AD DS) is a server role of the Windows Server 2008 operating system. AD DS provides a distributed directory service that can be used for centralized, secure management of a network. AD DS is required for directory-enabled services.

Installing AD DS

Before installing the AD DS server role on a server, you must configure appropriate Transmission Control Protocol/Internet Protocol (TCP/IP) and DNS server addresses.

You can add the AD DS server role by starting the Add Roles wizard from the Server Manager console. This wizard installs files that are required to setup and configure AD DS on a server. After installing the necessary files, the wizard prompts you to run the dcpromo command at the command-line.

Unattended Installation of AD DS

There are several new options in Windows Server to perform an AD DS unattended installation. The unattended installation method is typically used for Server Core installations. The unattended installation method to install AD DS is the same whether a server is running a full installation or a Server Core installation of Windows Server 2008.

The dcpromo command provides you with two different methods to perform an unattended installation. You can create an answer file that contains all the required parameters or you can use the /unattend option and specify all the required parameters in the command line.

The syntax for the dcpromo command is as follows:

dcpromo [/answer[:<filename>] | /unattend[:<filename>] | /unattend

(7)

41

Using Active Directory Migration Tool (ADMT) v3

The ADMT v3 simplifies the process of restructuring the operating environment to meet an organization’s requirement. You can use ADMT v3 to migrate users, groups, and computers from Microsoft Windows NT 4.0 domains to Active Directory domains.

ADMT v3 can also be used to migrate between Active Directory domains in different forests, known as interforest migration; and between Active Directory domains in the same forest, known as intraforest migration. ADMT v3 also performs security translation from Windows NT 4.0 domains to Active Directory domains and between Active Directory domains in different forests.

Using the Forestprep and Domainprep utilities

Adprep.exe is a command-line tool that extends the Active Directory schema and updates permissions to prepare a forest and domain for a Windows Server 2008 DC. The dcpromo command-line tool is

accessible from the Windows Server 2008 DVD. You can go to \sources\adprep folder to access the adprep.exe command-line tool and use the elevated command prompt to run the command.

The syntax of the adprep command is as follows:

adprep {/forestprep | /domainprep | /domainprep /gpprep | /rodcprep | /wssg | /silent}

The /forestprep option

The /forestprep option prepares a forest for a Windows Server 2008 DC.

Running the adprep /forestprep command can only be run once and is performed at the forest level. This command should be run only on the DC that holds the schema operations master role. The administrator who runs this command must be a member in at least one of the following groups:

Schema Admins group Enterprise Admins group Domain Admins group

Domainprep is the option used to set up a domain for a Windows Server 2008-based domain controller. First, run the adprep /forestprep command. After the changes replicate to all the DCs in the forest, run the adprep /domainprep command in each domain that contains a Windows Server 2008 DC. However, you must ensure that the DC holds the infrastructure operations master role for the domain. An

administrator must be a member of the Domain Admins group to run this command.

You can also use the /domainprep with the /gpprep option. The /gpprep option also provides needed updates, which are necessary for enabling the Resultant Set of Policy (RSoP) Planning Mode

(8)

42 Removing a Domain

To remove an Active Directory domain, you must first demote all DCs that are associated with the domain. If a DC is a global catalog, ensure that another global catalog is available before demoting it. To remove a domain, you must hold a membership in one of the following groups:

Domain Admins group in the forest root domain Enterprise Admins group

Before you attempt to remove a domain in your Active Directory environment, you must be aware that removing a domain will erase all domain records, such as user/computer accounts, group membership accounts, and more.

To remove a domain, perform the following steps:

1. Run the dcpromo command on the last DC in the domain.

2. When the Active Directory Installation wizard appears, click Next. 3. When the Remove Active Directory page appears, select the This server is the last domain controller in the domain check box.

(9)

43 Raising the Functional Levels of Windows Server 2008 Forests and Domains

Windows Server 2008 provides three domain and forest functional levels: Windows 2000, Windows Server 2003, and Windows Server 2008. Windows 2000 is the default functional level for forests and domains.

Once the functional level of a domain or forest is raised, DCs that are running previous versions of Windows cannot be added. For example, if the domain or forest functional level is raised to Windows Server 2003, then no Windows 2000 Server DCs can be added.

To raise a domain’s functional level, perform the following steps:

1. Open the Active Directory Domains and Trusts console from Administrative Tools. 2. Select the domain from the console tree. Open the Action menu and click Raise Domain

Functional Level.

3. When the Raise Domain Functional Level dialog box appears, select the appropriate functional level from the drop down menu and click OK.

The available domain functional levels are as follows:

Windows Server 2003: Choose this level if your network infrastructure includes Windows Server 2003-based DCs.

Windows Longhorn Server: Choose this level if your network infrastructure includes only Windows Server 2008-based DCs.

4. Click OK to confirm the domain functional level.

(10)

44 Configure Trusts

Scope

Understand trust relationships. Learn about selective authentication. Learn about forest-wide authentication.

Focused Explanation

A trust relationship is a relationship between domains that allows the DC of one domain to authenticate users from another domain. For example, if a trust relationship exists where Domain A trusts Domain B, then Domain B users can access resources in Domain A and can log on to stations in Domain A with their user accounts and passwords from Domain B. Trusts in a forest are created automatically during the creation of domains.

Trusts can be configured in two directions: one-way, which is referred as non-transitive, or two-way, which is referred to as transitive. Transitive trust is automatically created for all domains within a forest. In active directory, all trust relationships within a forest are two-way or transitive trusts. In a transitive trusts, the relationship between domains is not only two-way but also transitive. For example, Domain1 has a transitive trust relationship with Domain2 and Domain2 has a transitive trust relationship with Domain3. In this scenario, a transitive trust relationship is automatically formed between Domain1 and Domain3. Transitive Trust Relationships

A transitive trust relationship is created automatically for all domains within a forest. Therefore, any domain in the forest can authenticate any domain-based account from any domain within the forest. With a single logon process, accounts with the proper permissions can access resources in any domain in the forest..

You can use the New Trust Wizard to manually create various transitive trusts, such as a Shortcut trust, a Forest trust, or a Realm trust. As its name implies, a shortcut trust will shorten the trust path. Shortcut trusts are generally configured in a large and complex domain tree or forest in the Active Directory environment where a transitive trust is formed between a domain in the same domain tree or forest. A forest trust designed to form a transitive trust between the Forest root domain and a second forest root domain.

In case of a Realm trust, you form a transitive trust between the following: Active Directory domain

(11)

45

Configuring Shortcut Trusts

If users have to logon to different domains in a tree multiple times a day, and the domains are not directly connected, the authentication request will traverse to the highest common domain. A shortcut trust between two such domains eliminates the need for user logon authentication at each traversed domain. You can create a shortcut trust by using the netdom trust command.

To configure a shortcut trust, you must perform the following steps:

1. Open the Active Directory Domains and Trusts console from Administrative Tools.

2. Right-click the domain node for the domain with which you want to establish a shortcut trust from the console tree.

3. Click Properties and select the Trusts tab.

4. Click New Trust, then click Next to access the Trust Name page. 5. Specify the DNS and NetBIOS names for the domain, then click Next. 6. On the Direction of Trust page, perform one of the following actions:

For users in this domain and users in the specified domain to use this trust path, click Two-way.

For only users in this domain to use this trust path, click One-way:incoming.

For only users in the specified domain to use this trust path, click One-way:outgoing. 7. Continue to follow the instructions in the wizard.

If you want to create both sides of a shortcut trust at the same time, click the Both this domain and the specified domain option on the Sides of Trust page. To be able to perform this configuration, you must have administrative rights in both domains to configure this type of trust relationship.

Selective Authentication

Trusts between forests can use legacy authentication settings or selective authentication. Selective authentication is a security setting for external trusts and trusts between forests. With selective

authentication, administrators can choose the users who should have rights to access shared resources in the trusting forest. Selective authentication helps enable Active Directory administrators grant

permission for specific users in another forest. Configuring selective authentication

To enable selective authentication, you must use the following command:

(12)

46

To enable selective authentication over an external trust by using the Windows interface, you must perform the following steps:

1. Open Active Directory Domains and Trusts console from Administrative Tools. 2. From the console tree, select the appropriate domain.

3. Open the Action menu and click Properties.

4. Open the Trusts tab and select the appropriate external trust: Domains trusted by this domain (outgoing trusts) Domains that trust this domain (incoming trusts) 5. Click Properties and select the Authentication tab. 6. Click the Selective Authentication option.

7. Click OK.

To enable selective authentication over a forest trust by using the Windows interface, you must perform the following steps:

1. Open the Active Directory Domains and Trusts console.

2. In the console tree, right-click the domain node for the forest root domain, and click Properties. 3. On the Trusts tab, select the forest trust that you want to configure under either Domains

trusted by this domain (outgoing trusts) or Domains that trust this domain (incoming trusts), then click Properties.

(13)

47 Forest-wide authentication

The forest-wide authentication setting permits unrestricted access to all available resources in any of the domains in the trusting forest. This is the default authentication setting for forest trusts, and it is representative of the way authentications can be routed without restriction.

You can enable forest-wide authentication over a forest trust by using the New Trust wizard in Active Directory Domains and Trusts or by using the Netdom command-line tool.

To enable forest-wide authentication over a forest trust by using the Windows interface, you must perform the following steps:

1. Open the Active Directory Domains and Trusts console.

2. In the console tree, right-click the forest root domain, and click Properties.

3. On the Trusts tab, select the forest trust that you want to configure under either Domains trusted by this domain (outgoing trusts) or Domains that trust this domain (incoming trusts), then click Properties.

4. On the Authentication tab, click Forest-wide authentication, then click OK. Note: Only the authentication settings for the outgoing trust are displayed when you click the

(14)

48 Configure Sites

Scope

Learn to create Active Directory subnets. Learn to configure site links.

Learn to configure site infrastructure.

Focused Explanation

Sites are the physical structure, or topology, of a network. In a network, sites represent the physical structure. Site objects and their contents are replicated to all DCs in the forest, regardless of the domain or site.

You can use the Active Directory Sites and Services snap-in to manage the site, subnet, and site link objects that combine to influence the replication topology.

Create a Subnet

A site consists of subnets. A subnet is the set of all addresses behind a single interface on a router. When you associate a site with one or more subnets, you assign a set of IP addresses to the site. The address prefix for an AD DS subnet must conform to the IP version 4 (IPv4) or IP version 6 (IPv6) format.

To create a subnet, you must access Active Directory Sites and Services console from Administrative Tools, then perform the following steps:

1. Under console tree, expand Sites.

2. Select Subnets, access the Action menu and click the New Subnet option. The New Object – Subnet dialog box appears.

3. Type your subnet prefix, for example, IPv4 or IPv6, under the Prefix section.

4. At the bottom of the New Object – Subnet dialog box, select the site that will be associated with this subnet.

(15)

49 Site links

To provide the most updated Active Directory information, you replicate the Active Directory or the default site associated with it. To replicate a site, you must create another site, then transfer the information to the second site. The transfer of information is possible only if the sites are connected or if there is a route between the sites for the information to travel. The association or route between sites is referred to as a site link. To create a site link, you must first access Active Directory Sites and Services from

Administrative Tools, and then perform the following steps:

1. Under console tree, expand Sites > Inter-Site Transport. 2. Select the inter-site transport protocol, for example IP or SMTP. 3. Click Action in the menu bar.

4. Click New Site Link. The New Object – Site Link dialog box appears. 5. Specify a unique name for your new site link.

6. Under Sites not in this site link, select each site from the left pane and click the Add button. Click the Remove button to remove any site from the list.

7. Click OK. Site link costing

When more than one route is available between two sites, inter-site replication occurs on the route with the least cost. If a DC is not available at the time that the replication topology is created, the next least-cost route is used. All site links are transitive and the Bridge all site links option is enabled by default. A site link bride creates a bridge between multiple sites. The site link bridge allows site links to have a common site between different sites.

To configure site link cost, you must first access Active Directory Sites and Services console from Administrative Tools, and then perform the following steps:

1. Under console tree, expand Sites > Inter-Site Transport.

2. Select the site link from the right pane then click Action from the menu bar 3. Click Properties.

4. Specify a value for the cost of replication. This needs to be performed in the Cost section in the site link properties window.

5. Click OK.

(16)

50 Configure Site Infrastructure

Site infrastructure is stored in the directory as site, subnet, and site link objects. When you add the AD DS server role to create the first DC in a forest, a default site is created in AD DS. If this is the only site in the directory, all DCs are assigned to this site. If your forest has multiple sites, you must create subnets that assign IP addresses to the default and additional sites.

Multiple subnets can be attached to a site. To associate a subnet with a site, you must access Active Directory Sites and Services console from Administrative Tools, then perform the following steps:

1. Under console tree, expand Sites.

2. Select Subnets. Click Action from the menu bar. 3. Click Properties.

4. Under the properties window of your subnet, select the site. You perform this step to associate site with the subnet.

(17)

51 Configure Active Directory Replication

Scope

Learn to configure one-way replication. Learn to configure a bridgehead server. Learn to configure replication scheduling. Learn to configure replication protocols.

Focused Explanation

The Active Directory database on any DC can be changed. All DCs in the Active Directory environment maintain a record of any modification made to any DC in the forest. Replication in Active Directory enhances the ability to maintain synchronized records on all DCs. In addition, it also ensures that any modification made to the replica on one DC is updated in the records of other DCs. Replication can happen only between two DCs, whereas information synchronization can be performed for an entire forest of DCs in the Active Directory environment.

Configure One-way Replication

To configure Active Directory replication between two sites, replication should be performed on a continual basis. A replication connection varies between a persistent connection and a one-way initiated on-demand connection. If you imply a persistent connection, you can also configure replication

scheduling by specifying time intervals for replication to happen. A one-way initiated on-demand connection is more of a manual process where Active Directory replication is initiated from a particular site whenever there is a need. Microsoft recommends that you build a reciprocal replication when you plan to initiate a one-way Initiated on-demand connection configuration by using the Active Directory Service Interfaces (ADSI) Edit snap-in.

Great care should be taken when making any changes to the Active Directory object attributes in the ADSI Edit snap-in. Incorrect changes could cause severe problems to the server’s operating system, which may require reinstallation to correct.

To enable one-way replication on a site link, you must perform the following steps:

1. Use the adsiedit.msc run command to open the ADSI Edit snap-in on a DC. 2. Under Connection Point choose Select a well know Naming Context. Choose

Configuration.

(18)

52

5. Under the Details pane, right-click the desired site link object and click the Properties option. Note: The site link objects that you choose are for the sites for which you wish to enable reciprocal replication.

6. Under the Attributes box, double-click Options.

7. From the Integer Attribute Editor dialog box, you can perform one of the following actions: Specify the value as 2, if the Value box displays the value as <not set>.

If a value is displayed, you should convert the integer value to a binary value. In addition, use the binary or operation to join that value with the binary value of 0010, then specify the outcome of the integer value under the Value box.

Configure a Bridgehead Server

When communication takes place between different sites, it is advantageous to reduce the amount of bandwidth used. To accomplish this, the Knowledge Consistency Checker (KCC) automatically selects a server that will handle communication for each site. These servers are known as bridgehead servers. The selection process for a bridgehead server can be performed manually. You can select a server to function as a primary bridgehead server. For added redundancy, you can also select multiple servers. However, only one server can be active at any given time. The other servers function as backup servers and only become active when the active bridgehead server fails. In the event that none of the designated servers is available, the task of inter-site communication is handled by a DC.

To designate a bridgehead server, you must access Active Directory Sites and Services console from Administrative Tools, then perform the following steps:

1. Expand the Sites branch node.

2. Expand the site node that contains the server. 3. Select the Servers container.

4. Right-click the server and select Properties.

(19)

53

Configure replication scheduling

To control replication between two sites, also known as inter-site replication, and to configure settings on the site link object to which the sites are added, you can use the Active Directory Sites and Services snap-in. By configuring certain settings on a site link object, you can when and how often replication occurs between two or more sites.

To configure inter-site replication availability, you must access the Active Directory Sites and Services console from Administrative Tools, and perform the following steps:

1. In the console tree, select the inter-site transport folder that contains the site link for which you are configuring inter-site replication availability.

2. Select the appropriate site link, then click Action from the Menu bar. 3. Click Properties.

4. Click Change Schedule under the site link Properties window.

Note: When you are logged on with an account that does not have sufficient credentials to change the schedule, you can still view the schedule by clicking View Schedule.

Select the block of time during which you want replication to be either available or not available, and click Replication Not Available or Replication Available, respectively.

Force Inter-site Replication

A site object in Active Directory contains a compilation of IP subnets in which several sites are connected to each other for replication. Active Directory site management involves the following:

the addition of new subnets the addition of new site link objects

the configuring cost and scheduling for site links

For inter-site replication optimization, an administrator can perform cost and scheduling modifications. You can also remove sites and associated objects during the following circumstances:

if there is no need for replication

if clients do not require sites or discover network resources

(20)

54

Configure Replication Protocols

To define a route for replication data to travel across the network, a replication topology is created. In order to create a replication topology, Active Directory must identify each DCs replication schedule. Site replication is performed by using the following protocols:

Simple Mail Transfer Protocol (SMTP) Remote Procedure Call (RPC)

Microsoft recommends use of SMTP protocol because it offers a higher level of security when a firewall boundary is crossed. You can also use Replication Monitor, which provides a graphical representation of replication topology.

Configure the Global Catalog

Scope

Learn how to configure Universal Group Caching.

Focused Explanation

The global catalog (GC) is the set of all objects in a forest. GC, a DC in the Active Directory forest, is responsible for maintaining the following:

Full copy records: Contains all objects of its host domain

Partial copy records: Contains a read only copy of all other domains in the forest

When you install AD DS, the first DC that you create in the Active Directory forest will automatically be created in the same DC. However, it is also possible to provide GC functionalities to other DCs in the forest. If necessary, you can also remove the GC from a DC.

Universal Group Membership Caching

(21)

55

Enabling Universal Group Membership Caching

The Universal Group Membership Caching feature for a site can be enabled through the Active Directory Sites and Services snap-in. This can be performed by accessing the Properties window of the NTDS Site Settings and selecting the Enabling Universal Group Membership Caching check box under the Site Settings tab as displayed in Figure 2-1:

Figure 2-1: NTDS Site Settings Properties Window

When Universal Group Membership Caching is enabled, caching begins during the initial logon of universal and global group memberships, after which the cache is updated on a regular basis. You can also define which site is to be used by accessing the NTDS Site Settings Properties dialog box under the Site Settings tab. This can be performed from Refresh cache from list. In some cases, when you do not define any site to use, the cost setting that has been configured will determine which cost effective connection to be used to communicate with a GC server. To perform this action, the closest-site mechanism is followed.

(22)

56

Note: A local domain user can log on only to the local computer and will not be allowed to enter the domain. This is true when the GC server is not available and the local domain user has not previously logged in to the domain. By default, the privilege of logging on to the domain without an available GC is assigned only to domain administrators as they are allowed to log in to a domain even in the absence of GC server.

Configure Operations Masters

Scope

Understand Flexible Single Master Operations (FSMO) roles. Learn to manage Operations Master roles.

Learn how to extend Active Directory schema.

Focused Explanation

Active Directory in a Windows-based environment is referred to as a multimaster-enabled database system. This system consists of five Operations Master roles, or Flexible Single Master Operations (FSMO):

Domain-Naming Master Schema Operations Master Relative Identifier (RID) Master Infrastructure Master

Primary Domain Controller (PDC) Operations Master

As a multimaster-enabled database, Active Directory provides greater flexibility by allowing modifications to occur on any DC in the forest. There are specific tasks allocated to each DC that contain one or more Operations Master roles, thereby ensuring greater efficiency towards updates that occur in the Active Directory database.

(23)

57

Manage Operations Master Roles

There are five operations master roles in Active Directory.

Domain-Naming Master Role: The DC that holds the domain-naming Master role is responsible for managing the inclusion and exclusion of all domains in the directory partition. The following actions can be performed by a DC that has been designated as the domain naming master role:

the removal of existing domains or addition of new domains to the forest

the removal of existing application directory partitions or addition of new application directory partitions to the forest

the replication of existing application directory partitions and the addition of the replicas to other DCs

the addition of cross reference objects to external directories the removal of cross reference objects from external directories the preparation of a forest in order to rename a domain

Schema Operations Master Role: The DC that holds the schema operations master role is the only DC in the entire forest that can perform write operations to the Active Directory schema. The schema operations master role in the Active Directory environment manages and performs updates that are necessary to the Active Directory schema. The DC that acts as the schema master role performs the necessary updates to the Active Directory schema; those updates are then replicated to the other DCs in the forest. Update conflicts are reduced because the schema operations master role is a forest-wide role. RID Master Role: The DC that holds the RID Master role is responsible for allocating blocks of RIDs to all DCs in the domain. This DC assigns a unique security identifier (SID) to every new object it creates. The SID is a combination of two identifiers: the domain SID and the RID. The domain SID uniquely identifies the domain, and all objects within that domain are assigned the same domain SID. The RID is unique for each object in a particular domain. These two identifiers form the SID for an object.

(24)

58

PDC Operations Master Role: On a network environment where the client computers in a particular network segment are operating without Active Directory client software or functioning without Windows NT backup domain controllers (BDC), the computer that holds the PDC operations master role acts as a Windows NT PDC to manage that network segment. It is also responsible for processing and managing logon password changes. If a user supplies an incorrect password while attempting to log on to a DC, the request for authentication is forwarded to the PDC operations master role before the DC rejects the authentication request.

Reassigning Operations Master Roles

There are two methods of reassigning an Operations Master role: transfer or seizure. The transfer method refers to moving the Operations Master role from one DC to another in the Active Directory environment. When you transfer an Operations Master role from one DC to another, the former DC replicates all recent updates to the new DC. This prevents information loss during the transfer. The former DC also

reconfigures itself to accept the role transfer and resumes its normal operations without the particular Operations Master role.

Role seizure is performed when an Operations Master role must be forcibly removed from a DC and assigned to another DC in the Active Directory domain. A disadvantage of performing a role seizure is that any recent changes made to the role will not be updated to the new DC; they will be lost. The former DC is not available to keep the updates and replicate the recent changes (as in the case of a transfer) during the role seizure process. Therefore, it is recommended that role seizure be performed only when no other option is available.

The Active Directory Schema snap-in enables you to move the schema operations master role to a different DC. A domain-naming master role can also be moved to a different DC in the network by using the Active Directory Domains and Trust snap-in or the ntdsutil tool. With ntdsutil, you can seize or transfer any forest-wide and domain-wide role.

If you decide to use the Active Directory Schema snap-in for moving the schema operations master role, then you should access the Active Directory Schema snap-in and perform the following steps:

1. Right-click Active Directory Schema from the console tree. 2. Click Change Domain Controller.

3. Click Specify Name to enter the DC to which the schema operations master role will be transferred.

(25)

59

To move a domain-level Operations Master role from the Active Directory Schema snap-in, perform the following steps:

1. Highlight Active Directory Users and Computers then click Action from the menu bar. 2. Click Connect to the Domain Controller.

3. Click the name of the server from the list of available DCs to which the role will be transferred.. 4. Click OK.

5. Highlight Active Directory Users and Computers, then click Action from the Menu bar. 6. Click All tasks, then click Operations Masters. The current operations master role holders are

displayed in the lower box.

7. Click the tab that corresponds to the role that must be transferred: RID, PDC, or Infrastructure. 8. Click Change once the computer names that are displayed have been confirmed.

9. Click Yes to transfer the role. 10. Click OK.

To seize an Operations Master role, you can run the ntdsutil.exe command from a command prompt, and then perform the following steps:

1. Under the ntdsutil utility, type roles, then press the Enter key at the ntdsutil: prompt. 2. When the fsmo maintenance: prompt in the ntdsutil utility appears, type connections, then

press the Enter key.

3. When the server connections: prompt appears, type connect to server <servername> , then press the Enter key.

4. Once notified of a successful connection, type quit, then press Enter. Type the required

(26)

60

Table 2-1 shows a list of the available commands:

Role Credential Command

Domain-naming master Enterprise Admins Seize domain naming master

Schema operations master Enterprise Admins Seize schema master

Infrastructure master Domain Admins Seize infrastructure master

PDC operations master Domain Admins Seize pdc

RID master Domain Admins Seize rid master

Table 2-1: Seizing Role Commands

The system asks for confirmation. It then attempts to transfer the role. When the transfer fails, the error information appears and the system proceeds with the seizure. After the seizure is complete, a list of the roles and the LDAP name of the server that currently holds each role appears.

Note: During seizure of the RID master, the current role holder attempts to synchronize with its replication partners. If it cannot establish a connection with a replication partner during the seizure operation, it displays a warning and confirms that you want the role seizure to proceed. Click Yes to proceed. Run the quit command twice to exit from ntdsutil utility.

Extending Active Directory Schema

Some features and server roles require corresponding updates to the Active Directory schema. These schema additions are automatically installed when you create an Active Directory forest. Before extending the Active Directory schema, you must ensure that all DCs in the Active Directory forest are online and are performing inbound replication.

Steps to extend the Active Directory schema

1. Log on to the computer that holds the schema operations master role as a member of the Schema Admins group and the Enterprise Admins group.

Note: If you do not know which computer holds the schema operations master role, type Netdom query FSMO at a command prompt, then press Enter:

2. Type repadmin /showrepl to verify that the schema operations master has performed inbound replication of the schema directory partition since the last time server restarted.

3. Type adprep /forestprep at the command prompt, then press the Enter key.

(27)

61 Review Checklist: Configuring the Active Directory Infrastructure

Learn to install Active Directory Domain Services (AD DS).

Learn to remove a domain.

Learn to raise forest and domain functional levels. Understand trust relationships.

Learn about selective authentication. Learn about forest-wide authentication. Learn to create Active Directory subnets. Learn to configure site links.

Learn to configure site infrastructure. Learn to configure one-way replication. Learn to configure a bridgehead server. Learn to configure replication scheduling. Learn to configure replication protocols.

Learn how to configure Universal Group Caching.

Understand Flexible Single Master Operations (FSMO) roles. Learn to manage Operations Master roles.

(28)

234 Test Taking Strategies

The Microsoft Certified Professional (MCP), Microsoft Certified System Administrator (MCSA), Microsoft Certified System Engineer (MCSE), and Microsoft Technology Specialist (TS) credentials identify a standard of competence for entry-level and professional job roles that utilize Microsoft products.

Microsoft's certification program is a recognized credential that signifies a proven level of knowledge and ability. With each level of certification, a higher benchmark of ability is set for greater opportunities and higher pay.

The 83-640 exam is a proctored exam, which may be taken at a Prometric testing center.

Microsoft Certification Roadmap

The 83-640 TS: Windows Server 2008 Active Directory, Configuring exam fulfills the requirement for the Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration. For more information on this certification, visit

http://www.microsoft.com/learning/mcp/mcts/windowsserver/2008/default.mspx.

This exam can also be used to fulfill a core exam requirement for the Microsoft Certified IT Professional: Enterprise Administrator and the Microsoft Certified IT Professional: Server Administrator certifications. A Microsoft candidate should combine training with on-the-job experience. Many of the exam questions are based on real-world scenarios so hands-on experience with the software is vital.

Registering for the Exam

An exam candidate may register for the 83-640 at http://www.prometric.com

Resources

There are several resources produced by Microsoft that you may use to prepare for this exam. These resources include the Microsoft Official Curriculum courseware used in instructor-led training, Microsoft Self-Paced Training Kits, and Microsoft Online Resources. For more information, see the 83-640 Preparation Guide at http://www.microsoft.com/learning/en/us/exams/83-640.aspx.

(29)

Cert-1Z0-050 | DBCert | Oracle

®

(30)

3 Contents ... 3

About your Transcender Study Guide ... 5

Installation and Upgrade Enhancements ... 6

Install Oracle Database 11g ... 7 Upgrade your Database to Oracle Database 11g ... 8 Oracle Direct NFS ... 11 Use Online Patching ... 13 Review Checklist: Installation and Upgrade Inhancements ... 15

Storage Enhancements ... 16

Set up ASM Fast Mirror Resync... 17 Understand Scalability and Performance Enhancements ... 20 Set up ASM Disk Group Attributes ... 22 Use Various New Manageability Options ... 23 Use the md_backup, md_restore, and remap ASMCMD extensions ... 27 Review Checklist: Storage Enhancements ... 31

Intelligent Infrastructure Enhancements ... 32

Creating and Using AWR Baselines ... 33 Setting AWR Baseline Metric Thresholds ... 36 Control Automated Maintenance Tasks ... 39 Using Database Resource Manager New Features ... 45 Using New Scheduler Features ... 48 Review Checklist: Intelligent Infrastructure Enhancements ... 51

Performance Enhancements ... 52

ADDM Enhancements ... 53 Set up Automatic Memory Management ... 57 Enhancements in Statistics Collection ... 59 Review Checklist: Performance Enhancements ... 64

Partitioning and Storage-Related Enhancements ... 65

Implement New Partitioning Methods ... 66 Employ Data Compression ... 70 SQL Access Advisor Overview ... 72 Create SQL Access Advisor Analysis Session using PL/SQL ... 73

Using RMAN Enhancements ... 76

Managing Archive Logs ... 77 Duplicating a Database ... 79 Back up Large Files in Multiple Sections ... 82 Perform Archival Backups ... 84 Create a Virtual Private Catalog for RMAN ... 88 Review Checklist: Using RMAN Enhancements ... 90

Using Flashback and LogMiner ... 91

(31)

4 Diagnosability Enhancements ... 101

Set up Automatic Diagnostic Repository ... 102 Use Support Workbench ... 105 Run Health Checks ... 108 Use SQL Repair Advisor ... 110 Review Checklist: Diagnosability Enhancements ... 114

Database Replay... 115

Overview of Workload Capture and Replay ... 116 Using Workload Capture and Replay ... 118 Review Checklist: Database Replay ... 122

Using the Data Recovery Advisor ... 123

Overview of Data Recovery Advisor ... 124 Repairing Data Failure Using Data Recovery Advisor ... 126 Perform Proactive Health Check of the Database ... 130

Security: New Features ... 134

Configure the Password File to use Case Sensitive Passwords ... 135 Encrypt a Tablespace ... 139 Configure Fine Grained Access to Network Services ... 142 Review Checklist: Security: New Features ... 144

Oracle SecureFiles ... 145

Use SecureFile LOBs to store documents with Compression, Encryption, De-duplication, and Caching 146 Use SQL and PL/SQL APIs to Access SecureFile LOBs ... 149 Review Checklist: Oracle SecureFiles ... 152

Miscellaneous New Features ... 153

Describe and Use Online Table Redefinition ... 154 Enhanced Fine Grained Dependency Management ... 155 Use Enhanced DDL – Apply the Improved Table Lock Mechanism, Create Invisible Indexes ... 156 Use Query Result Cache and PL/SQL Result Cache ... 158 Adaptive Cursor Sharing ... 162 Temporary Tablespace Enhancements ... 163 Review Checklist: Miscellaneous New Features ... 166

SQL Performance Analyzer ... 167

Overview of SQL Performance Analyzer ... 168 Using SQL Performance Analyzer ... 169 Review Checklist: SQL Performance Analyzer ... 173

SQL Plan Management ... 174

SQL Plan Baseline Architecture ... 175 Set up a SQL Plan Baseline... 177 Using SQL Plan Baseline ... 182 Review Checklist: SQL Plan Management ... 183

Automatic SQL Tuning ... 184

Set up and Modify Automatic SQL Tuning ... 185 Interpret Reports Generated by Automatic SQL Tuning ... 188 Review Checklist: Automatic SQL Tuning ... 191

(32)

5 About your Transcender Study Guide

IT professionals agree! Transcender has consistently been voted the industry's #1 practice

exam. This Study Guide complements your TranscenderCert

TM

practice exam.

The Study Guide is objective-driven and contains a variety of tools to help you focus your study

efforts. Each Study Guide contains structured sections to help you prepare for your certification

exam:

 Scope :: identifies the learning objectives for each section

 Focused Explanation :: provides definitions, in-depth discussions and examples

 Review Checklist :: highlights the key learning points at the end of each major section

Additional sections to further assist you are located at the end of each Study Guide:

 Test Taking Strategies

 General Tips

 Explanation of Test Item Types

The following study model will help you optimize your study time.

Transcender’s commitment to product quality, to our team and to our customers continues to

differentiate us from other companies. Transcender uses an experienced team of certified

subject-matter experts, technical writers, and technical editors to create and edit the most

in-depth and realistic study material. Every Transcender product goes through a rigorous,

multi-stage editing process to ensure comprehensive coverage of exam objectives. Transcender

study materials reinforce learning objectives and validate knowledge so you know you’re

prepared on exam day

.

Assess your current knowledge level Take a Transcender

practice exam using Preset Experience The objective-based

score report shows you the areas where you are strong and the areas where you need to focus your study efforts

Read the Study Guide by objective Use the practice

exam in Optimize Experience mode Study the test items

by objective Use the included

TranscenderFlash cards to review key concepts

Use your favorite references to get further information on complex material

Take a Transcender practice exam using Preset Experience again

If you didn’t score 100%, go back to your study plan and focus on weak areas

Study those objective areas where you didn’t score 100%

Keep practicing until you consistently score 100% in all areas Prepare To Pass Track your progress Focus on weak areas Assess your knowledge Develop a Study Plan

Start early, at least 6 weeks out Don’t try to cram Set aside specific

study times Use a disciplined

approach so you can thoroughly prepare

(33)

52

(34)

53 ADDM Enhancements

Scope

Understand the enhancements to ADDM in Oracle 11g, including support for RAC environments. Use the DBMS_ADDM package for ADDM management.

Focused Explanation

Automatic Database Diagnostic Monitor (ADDM) is a feature of Oracle Database that is used to detect possible performance problems and possible solutions for those problems. After data is captured in the Automatic Workload Repository (AWR), ADDM processes the data to identify the root cause of

performance problems.

In Oracle Database 11g, ADDM works at both the database and instance levels. Oracle Database 11g introduces a new mode for running ADDM at the cluster level, called database ADDM mode. In database ADDM mode, ADDM analyzes data associated with an Oracle Real Application Clusters (RAC) database. This mode is used to tune all global resources. To view the reports generated by ADDM, you can use Enterprise Manager.

ADDM reports only time-consuming issues. Time-consuming issues are issues that take up a significant amount of instance or database time. Instance time is the time for which a specific resource is used by a single instance. Database time is the sum of instance times of all instances in a database. Database time does not include time taken by the Automatic Storage Management (ASM) instances. The data generated by ADDM is in the form of findings. There are two types of findings, database and instance. Database findings are issues that affect multiple instances or a shared resource of the database. Instance findings are issues related to only one instance. If any instance time is a huge part of the database time, the issue might be recorded as a database finding.

An issue is associated with a suggested solution. Each suggestion reflects the amount of database instance time that will be saved by implementing the suggestion. Each suggestion also explains the reasons for suggested solutions. At times, the suggestion contains instructions for implementing the suggested solutions. An issue might have several possible solutions suggested. The user can decide whether to implement the solutions.

Working with ADDM

You can run ADDM using the DBMS_ADDM package. This package allows you to run ADDM in the different available modes, to view repots, insert directives to findings, and delete directives for findings. To run the DBMS_ADDM package, you must have the ADVISOR privilege.

Note: You can also use Oracle Enterprise Manager to run ADDM.

(35)

54

Syntax

DBMS_ADDM.ANALYZE_DB(task_name, begin_snapshot, end_snapshot, db_id);

The task_name parameter specifies the name of the analysis task to be created. The begin_snapshot and end_snapshot parameters specify the range of snapshots to be analyzed or the time period to be analyzed. The db_id parameter is the database identifier of the database to be analyzed. The default value of this parameter is the database identifier of the local database.

To analyze a single instance of the database, you should run ADDM in the instance mode. To enable ADDM in the instance mode, use the DBMS_ADDM.ANALYZE_INST procedure.

Syntax

DBMS_ADDM.ANALYZE_INST(task_name, begin_snapshot, end_snapshot, instance_number, db_id);

The instance_number parameter specifies the instance to be analyzed. If unspecified, the default value is the current instance to which you are connected. All the other parameters are the same as for the DBMS_ADDM.ANALYZE_DB procedure.

If you want to analyze only some instances of a database, you can run ADDM in partial mode. In partial mode, ADDM analyzes only the specified instances. Instances to be analyzed are indicated by their associated instance_number parameters. To initialize ADDM in partial mode, run the

DBMS_ADDM.ANALYZE_PARTIAL procedure. Syntax

DBMS_ADDM.ANALYZE_PARTIAL(task_name, instance_numbers, begin_snapshot, end_snapshot, db_id);

The instance_numbers parameter specifies the instances to be analyzed. The parameter is specified as a list of instance numbers, separated by commas.

To display the findings of ADDM, you can use the DBMS_ADDM.GET_REPORT function. The return type of the function is CLOB, formatted to fit a line size of 80.

Syntax

DBMS_ADDM.GET_REPORT (task_name, RETURN CLOB);

For example, to display reports despite any directives for the task task1, you would use the following statement:

(36)

55

Inserting Directives

To limit reporting of specific types of findings, you can create directives and apply them to ADDM tasks. Note: A directive can be created for a specific task or for all ADDM tasks globally. The directive is applied to all ADDM tasks created after the directive is specified. It does not affect pre-existing tasks. Such directives are called system directives. Directives can suppress ADDM findings related to specific parameters, SQL statements, or segments.

You can create a finding directive using the INSERT_FINDING_DIRECTIVE procedure. Syntax

DBMS_ADDM.INSERT_FINDING_DIRECTIVE (task_name, dir_name, finding_name, min_active_sessions, min_perc_impact);

The task_name and finding_name parameters specify the name of the task and the ADDM finding with which the directive is assocaiated, respectively. The dir_name parameter specifes a unique name for the directive.

The min_active_sessions and min_perc_impact parameters define the criteria for the ADDM finding to be a part of ADDM results. If the minimum number of active sessions is less than the value specified in the min_active_sessions parameter, the ADDM finding will not be included in the ADDM results. The min_perc_impact parameter specifies the mimum time that a particular finding should have taken when compared to the total time. If the minimum percentage of time taken by the finding is less than the percentage specified in the min_perc_impact parameter, the finding will not be included in the overall ADDM analysis. For example, if you have set the min_perc_impact parameter to 10 and the database time is 10 hours, then any ADDM finding that takes less than one hour, which is 10 percent of 10 hours, will not be included in the ADDM analysis report.

If you want to stop ADDM from suggesting actions regarding a specific system parameter, you can create parameter directives. Parameter directives are created using the

DBMS_ADDM.INSERT_PARAMETER_DIRECTIVE procedure. After you create a parameter directive, all suggestions containing actions associated with the specified parameter will be omitted from the report. Syntax

(37)

56

Syntax

DBMS_ADDM.INSERT_SEGMENT_DIRECTIVE (task_name, dir_name, owner_name, object_name, sub_object_name);

dir_name specifies a unique name of the directive to be created.

owner_name specifies the name of the user who owns the segment on which you are performing the filter action.

object_name specifies the particular object that will be filtered.

sub_object_name specifies the name of the sub-object, such as a partition or sub-partition within the object being filtered.

object_number specifies the unique ID number to identify the specific object or sub-object to being filtered.

When you execute the INSERT_SEGMENT_DIRECTIVE procedure, you need to ensure that the task has been reset to its initial state; otherwise, the code will fail.

If you do not want ADDM to display any findings for a specific SQL statement, you should create a SQL directive. To create a SQL directive, you can use the DBMS_ADDM.INSERT_SQL_DIRECTIVE procedure. Syntax

DBMS_ADDM.INSERT_SQL_DIRECTIVE (task_name, dir_name, sql_id, min_active_sessions, min_response_time);

Most of the parameters used in the INSERT_SQL_DIRECTIVE procedure have been covered in the procedures discussed earlier, except for the sql_id parameter and the min_response_time

parameter. The sql_id parameter specifies the unique SQL ID number to identify the SQL statement to be filtered. The min_response_time parameter specifies the minimum response time for the SQL statement required for it to be included in the ADDM analysis. This time is measured in microseconds. Deleting ADDM Tasks and Directives

(38)

57

Syntax

DBMS_ADDM.DELETE (task_name);

To delete a finding directive, use the DBMS_ADDM.DELETE_FINDING_DIRECTIVE procedure: DBMS_ADDM.DELETE_FINDING_DIRECTIVE(task_name, dir_name);

To delete a parameter directive, use the DBMS_ADDM.DELETE_PARAMETER_DIRECTIVE procedure. It removes system directive for parameters. Subsequently created ADDM tasks are not affected by the directive.

DBMS_ADDM.DELETE_PARAMETER_DIRECTIVE (task_name, dir_name);

To delete a segment directive, use the DBMS_ADDM. DELETE_SEGMENT_DIRECTIVE procedure: DBMS_ADDM.DELETE_SEGMENT_DIRECTIVE (task_name, dir_name);

To delete a SQL directive, use the DBMS_ADDM.DELETE_SQL_DIRECTIVE procedure: DBMS_ADDM.DELETE_SQL_DIRECTIVE (task_name, dir_name);

Set up Automatic Memory Management

Scope

Understand and use the new memory management initialization parameters. Enable automatic memory management using Enterprise Manager.

Focused Explanation

Memory management involves managing how memory is allocated between the system global area and the instance program global area. Automatic memory management is a feature of Oracle 11g that helps you configure Oracle to allocate memory to database instances automatically. In previous versions of Oracle, two initialization parameters, SGA_TARGET and PGA_AGGREGATE_TARGET, were used to manage memory allocation. Oracle 11g uses two new parameters, MEMORY_TARGET and MEMORY_MAX_TARGET, to automatically manage memory allocation.

In previous versions of Oracle, the SGA_TARGET parameter value specified the amount of memory to be allocated to the system global area. Another parameter that was used was PGA_AGGREGATE_TARGET, which specified the maximum amount of memory to be allocated to the instance program global area. The instance program global area is the sum of all program global areas of an instance. Memory would be allocated to the SGA and PGA according to these two parameter values. The amount of memory

(39)

58

In Oracle 11g, you can specify the amount of memory to be allocated to an instance by using the MEMORY_TARGET parameter. This is the only required parameter. The MEMORY_TARGET parameter represents the total amount of memory that can be allocated to the SGA and PGA. Oracle automatically calculates values for the SGA_TARGET and PGA_TARGET parameters. The memory between the SGA and PGA is adjustable according to the amount of memory each requires. The MEMORY_TARGET parameter is called the maximum memory size initialization parameter. This parameter is dynamic and can be modified without having to restart the database. If the SGA_TARGET and PGA_AGGREGATE_TARGET parameters are specified, MEMORY_TARGET should be equal to or more than the sum of the SGA_TARGET and PGA_AGGREGATE_TARGET parameter values. If no value is specified, the default value is 0. The other new parameter is the MEMORY_MAX_TARGET parameter. This is a static parameter that

specifies the maximum possible value for the MEMORY_TARGET parameter. It ensures that you do not set the target memory size too high so that sufficient memory space is left for the Oracle Database instance. Specifying a value for this parameter is optional. Because some SGA components require a minimum amount of memory, the instance prevents you from setting the target memory size too low. If unspecified, the value of MEMORY_MAX_TARGET is set to the value of MEMORY_TARGET. If MEMORY_TARGET is unspecified, then the value of MEMORY_MAX_TARGET is also 0.

Enabling Automatic Memory Management

You can enable automatic memory management after you have installed a database. Steps to enable automatic memory management:

1. Log in to the database as the SYS user.

2. At the top of the Database Home page, click Server.

3. In the Server subpage, in the Database Configuration section, click Memory Advisors. The Memory Advisors page appears with the SGA subtab displayed by default.

4. In the Maximum SGA Size (MB) field, enter the maximum permissible size for database memory and click Apply.

5. In the page prompting you to restart the database, click Yes.

6. In the Restart Database: Specify Host and Target Database Credentials page, enter the credentials for the SYS user for the host and database, and click OK.

7. On the Restart Database: Confirmation page, click Yes to restart the database automatically. 8. After a few minutes, click Refresh. The Database Home page appears.

9. Return to the Memory Advisors page. On the Memory Advisors page, next to Automatic Memory Management Disabled, click Enable.

10. On the Enable Automatic Memory Management page, in the Total Memory Size for

(40)

59

You can also enable automatic memory management when you install the Oracle database. While installing, if you choose the basic installation option, automatic memory management is enabled by default. If you choose the advanced installation option, DBCA enables you to select from the three memory management modes.

Enhancements in Statistics Collection

Scope

Learn to gather statistics incrementally for partitioned tables.

Understand and use extended statistics, including multicolumn statistics and expression statistics. Understand the difference between pending and current statistics.

Learn to gather pending statistics and publish them later.

Focused Explanation

The automatic statistics-gathering feature was introduced in the previous versions of Oracle Database. This feature reduced the effort required to gather data for processing. The only disadvantage of this feature was that it did not have object-level control. If you wanted to analyze data or statistics for a small subset of an object, such as a subpartition of a schema, you would have to disable the automatic statistics-gathering feature and gather and analyze the data manually.

In Oracle Database 11g, the Statistics Preferences feature has been introduced. This feature enhances the automated statistics-gathering feature by making it more flexible. Statistics preferences allows you to configure different attributes or parameters of the GATHER_*_STATS procedure while gathering data. These attributes override the default behavior of the gathering procedure at the object or schema level. You can set, get, export, import, and delete the statistics preferences at the table, schema, database, and global levels. Global preferences are for tables that do not have preferences, whereas database

preferences set preferences on all tables. The preference values take precedence from the smallest to largest part of the database, from subpartition to global level preferences.

In the Oracle Database 11g, three new options can be used as statistics preferences. They are: PUBLISH: This option is used to publish statistics to the data dictionary or store them in a pending area.

STALE_PERCENT: This option helps determine the staleness of statistics. The value of this option is a percentage of rows modified since the last statistics gathering. If the percentage of rows modified since the last gathering is more than the value of this option, the statistics are gathered, as the current statistics are considered old.

(41)

60 Incremental Statistics for Partitioned Tables

For partitioned objects, the system maintains statistics on each partition and the overall statistics of the table. Often, for a table partitioned using a date range value, very few partitions are modified and data in the other partitions remains the same.

The system tracks modification of data at the table and partition levels. For the global statistics of the entire table, the entire table is scanned. This tends to increase the time and resources required to gather statistics.

Oracle Database 11g introduces a new method of gathering global statistics by scanning only those partitions that have been significantly changed. It retains the statistics of partitions that have not been modified. This method of gathering and storing statistics is called incremental gathering of statistics. The DBMS_STAT package allows you to specify the granularity on a partitioned table. To activate incremental statistics gathering, you must set the INCREMENTAL option to TRUE. It does not incrementally maintain histograms and density global statistics.

Hash-Based Sampling for Column Statistics

By default and without histograms, the statistics optimizer uses a number of distinct values to decide the selectivity of a predicate of a column. For query optimization, it is important to know the number of distinct values. In previous versions of Oracle, the system used a SQL statement to count the number of distinct values in a sample of the table to be analyzed. In previous versions of Oracle, DBAs had two methods available for gathering column statistics. They could use either a small sample size, or they could use a large sample or full scan. Using a small sample size reduced the execution time, but the results were not totally reliable and accurate. Using a large sample or performing a full scan provided accurate results, but took more time.

Oracle Database 11g introduces a new method for gathering column statistics that provides accurate results and takes less time than performing a full scan. To initiate this method, you must set the ESTIMATE_PERCENT gathering option to AUTO_SAMPLE_SIZE, which is also the default value of the ESTIMATE_PERCENT option. If you change the default value of ESTIMATE_PERCENTAGE, then the DBMS_STATS gathering procedures automatically decide on the size of the sample to be collected. If the size of the specified is sample is small, then the system automatically gathers a larger sample. If the specified sample size is large, then the system automatically gathers a smaller sample. This avoids any issues with the accuracy of the result because the system gathers a sample large enough to cover all distinct values.